The Register®

Original URL: http://www.theregister.co.uk/2007/09/25/symantec_internet_meltdown_false_alarm/

Symantec accidentally warns of internet meltdown

Dr Strangelove, I presume

By John Leyden

Posted in Security, 25th September 2007 13:10 GMT

Symantec inadvertently warned enterprise customers of a full-scale internet meltdown on Friday.

An erroneous alert from Symantec's DeepSight falsely warned that a devastating attack was underway. The message, which went out at 8:40pm Eastern time, contained a subject line that stated: "DeepSight Increased ThreatCon from 1 to 4 Alert."

The ThreatCon scale - whose moniker mimics the defense readiness condition (DEFCON [1]) system used by the military - runs from one (all calm on the Western Front) to four (meltdown).

The mark is decided by Symantec based on the patterns of attacks it monitors. Symantec has never issued a genuine ThreatCon 4 alert and has only rarely ramped up the scale to ThreatCon 3. The last time Symantec issued a ThreatCon 3 alert was in May 2004, during the height of the Sasser worm epidemic [2].

Symantec recalled the long-range bombers and moved back down to ThreatCon 1 an hour after issuing its Chicken Little-style alert on Friday. The security giant blamed the erroneous alert on "product testing", Computerworld reports [3].

Symantec's European centre of operations, one of four tracking stations it runs across the world, is housed [4] in a former nuclear shelter in rural Hampshire. Perhaps all that time underground monitoring threats affected one of Symantec's security watchers.

Perhaps some stir-crazy watcher, worried about hackers polluting our precious internet traffic, had a Brigadier General Jack D Ripper-style moment [5] and ratcheted up the threat scale. ®